CVE-2022-49202

medium

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: add missing NULL check in h5_enqueue Syzbot hit general protection fault in __pm_runtime_resume(). The problem was in missing NULL check. hu->serdev can be NULL and we should not blindly pass &serdev->dev somewhere, since it will cause GPF.

References

https://git.kernel.org/stable/c/e6b6c904c0f88588b6a3ace20e4c0d61eab124f8

https://git.kernel.org/stable/c/8a3896c30f542439d36303183dc96f65df8cc528

https://git.kernel.org/stable/c/7235485433d290367d60ae22fcdfc565e61d42ab

https://git.kernel.org/stable/c/32cb08e958696908a9aad5e49a78d74f7e32fffb

Details

Source: Mitre, NVD

Published: 2025-02-26

Updated: 2025-02-26

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium